Activities-Based Regulation and Systemic Risk

Past financial crises have shown that systemic risk can emanate from financial firms or activities. It can be caused by the failure of a large firm (hence, the moniker "too big to fail") or it can be caused by correlated losses among many small market participants. Although historical financial crises have centered on banks, nonbank financial firms were also a source of instability in the 2007-2009 crisis.

The 2010 Dodd-Frank Act (P.L. 111-203) was enacted in response to the crisis. It enhanced the regulation of certain financial firms and activities to reduce systemic risk, particularly prudential regulation administered by the Federal Reserve (Fed) of banks and nonbanks. All large banks would automatically be subject to more stringent standards, as would nonbanks designated by the Financial Stability Oversight Council (FSOC), popularly known as systemically important financial institutions (SIFIs). This approach can be classified as an institution-based approach because it addresses risks to financial stability at the firm level.

As discussed in this Insight, all four of the nonbanks that were designated by FSOC have since been de-designated, and the size threshold for enhanced regulation of banks was recently increased. The Treasury Department has argued that activities-based systemic risk regulation—regulating particular financial activities or practices to prevent them from causing financial instability—is preferable to institution-based regulation for nonbanks. The two approaches, however, need not be mutually exclusive. International insurance regulation has also moved away from a focus on institution-based regulation and toward activities-based regulation recently.

Regulating Firms vs. Activities for Systemic Risk

An institution-based approach addresses financial instability that stems primarily from the failure of large, interconnected firms. It particularly could address the experience during the 2007-2009 crisis, when large, complex firms, such as AIG, failed due to unanticipated correlated losses in different activities within a firm (credit default swaps and securities lending, in the case of AIG). An institution-based approach could also address the possibility of a firm failing due to more company-specific issues, such as inadequate internal controls, for example.

Institution-based regulation allows for overall monitoring of firms' risk-taking that activities-based regulation does not. (Dodd-Frank gave the Fed the authority to actively supervise SIFIs; all banks are subject to similar supervision, but some other types of financial firms are not.) For example, stress tests and living wills allow regulators to prepare for, respectively, how SIFIs would fare under stress and their orderly failure. Systemic risk might be more likely to build up undetected if regulators do not regularly examine large nonbanks because they are not subject to enhanced regulation.

Institution-based regulation, however, also has drawbacks. It could create regulatory "cliffs" where two fairly similar firms do not compete on a "level playing field" because one is designated for enhanced regulation and the other is not. Such regulation could even backfire by pushing more "risky" activities into institutions that are not regulated for safety and soundness or systemic risk. Institution-based regulation, as put into place under Dodd-Frank, was also particularly criticized for the possibility of the Fed, a bank regulator, inappropriately applying bank-centric regulation to nonbanks. (Since the pertinent regulations were never finalized, the merits of this argument remain unknown.)

An activities-based approach may be more effective at mitigating systemic risk unrelated to distress at large firms. In particular, systemic risk sometimes results from correlated activities among smaller firms, such as the U.S. savings and loan crisis in the 1980s, in which more than 1,000 smaller financial institutions failed. Some have argued that an activities-based approach is more appropriate in securities markets. For example, in the asset management industry, firms primarily managing customers' assets may be less likely to fail themselves in a financial panic, but could serve as conduits for instability.

One concern some have with activities-based regulation under the current structure is that regulators—particularly those who are not primarily prudential regulators—may not have the authority or capacity to identify and address systemic risk in all cases. In contrast to the Fed's institution-based authority, FSOC itself does not have authority to promulgate new activities-based regulations as systemic threats emerge. Instead, Dodd-Frank relied on FSOC members' existing authorities. In some cases, that authority is broad and discretionary; in others, it is not. Where individual agencies lack authority to address systemic risk posed by activities engaged in by the institutions they regulate, Congress would need to provide these agencies with the necessary authority to act. FSOC may make nonbinding recommendations to its member agencies to implement reforms, but cannot require the agency to implement the changes. FSOC has recommended activities-based systemic risk regulations only once—in 2012, when it recommended that the Securities and Exchange Commission (SEC) implement money market reforms, which were ultimately adopted in 2014.

Activities-Based Regulation and Insurers

Since three out of four of the de-designated SIFIs are insurers, insurance regulation is potentially the most significantly affected by a shift from institution-based to activities-based regulation. Although insurers, particularly AIG, were instrumental in the recent crisis, traditional insurance (e.g., life, property, and casualty insurance), as an activity, is typically not seen as posing systemic risk. Insurance liabilities are often contingent and based on the occurrence of events uncorrelated with financial markets, such as extreme weather events. For these forms of insurance, "runs," such as those that occur on banks during a financial panic, are essentially impossible. Some insurance policies, however, do allow for loans against policy values or forms of withdrawals that could partially mimic bank runs. Some insurers also offer forms of financial guaranty insurance, the payouts of which could be highly correlated with the financial markets. Beyond simple insurance policies, insurance companies may also undertake other financial market activities, such as repurchase agreements or securities lending, that could pose systemic risk.

If FSOC were to deem any insurance activities as systemically risky, arguably no federal regulator would have jurisdiction to regulate them. There is also debate about whether the state-based insurance regulatory system—with its historical focus on individual insurer solvency and consumer protection, rather than systemic risk—can adequately address potential risks posed by insurers' noninsurance activities.